It took only a few hours before attackers started to hammer away at two decoy
water utility networks stood up in a recent experiment that resulted in 39
attacks from 14 different nations over a 28-day period.

Researchers at Trend Micro built two honeypot-based architectures that mimic a
typical ICS/SCADA environment, including one that included a Web-based
application for a water pressure station. The goal was to determine what kinds
of attacks and attackers are going after ICS/SCADA systems today, and the
researchers were a bit surprised by some of what they saw.

Kyle Wilhoit, a researcher with Trend Micro who led the experiment, found that
most attacks on ICS/SCADA systems appeared to come from China (35 percent),
followed by the U.S. (19 percent) and Laos (12 percent).

"I had initially anticipated normal drive-by, automated attacks, not really any
type of attack going in and trying to modify these systems. But it obviously
went much differently," he says. "We got attacked quite a bit more and in
different ways than we anticipated."